Marketing and the GDPR, Part 1: Carrots and sticks

I'm old enough to remember when the web arrived in full force. As a result, I really comprehend many of its implications. You could scribe a tome about that statement, but in this post and my next I'll focus on privacy.

Founded in 1996, one of the first companies to broach consumer privacy concerns was DoubleClick – now part of Google. By tracking user behavior via cookies, DoubleClick's technology could do both amazing and powerful things. Advertisers could effectively follow users around the web and serve up relevant ads irrespective of sites. (As an aside, I saw some of this firsthand because I did a two-month consulting gig at the company in 2000.)

It didn't take long for the company to ascend to a lofty valuation (as many dot.com's did at the time). Buoyed by newfangled measures such as "eyeballs" that made traditional Wall Street types wince, DoubleClick served up more than 34 billion "impressions" in 1998 alone.

DoubleClick may no longer exist as a separate entity, but make no mistake: privacy concerns have only intensified in the last two decades. Consider legislation such as the Family Educational Rights and Privacy Act (FERPA) – passed in 1974. One cannot credibly argue that a pre-web law could stand as-is.

The GDPR defines personal data broadly and puts the individual at the center of data protection. It gives every EU citizen the right to know and decide how personal data is being used, stored, protected, transferred and deleted. Individuals have the right to restrict further processing and to request that all their data be erased (the “right to be forgotten”).

The marketing angle – aka, the carrot vs. the stick

It's not hard to envision an executive in France thinking about how her company will comply with the new law. I can see someone thinking about how to do the bare minimum. (Insert Office Space reference here.) Here the costs of noncompliance drive the conversation. From the same SAS white paper:

To underline the gravity of personal data protection, the GDPR strengthens enforcement and increases fines for noncompliance. Any organization that does not comply could be fined up to US$22 million, or 4 percent of their global annual revenue (whichever is greater).

Simon Says

That's one way to play it but is it the right one? Perhaps not. Instead of viewing GDPR as cumbersome government legislation, why not think about the upsides of complying with it? What about viewing GDPR as a way of potentially differentiating a company from its competition? For instance, consider how Apple has effectively branded privacy as a feature?

About Author

Phil Simon is a keynote speaker and recognized technology expert. He is the award-winning author of eight management books, most recently Analytics: The Agile Way. His ninth will be Slack For Dummies (April, 2020, Wiley) He consults organizations on matters related to strategy, data, analytics, and technology. His contributions have appeared in The Harvard Business Review, CNN, Wired, The New York Times, and many other sites. He teaches information systems and analytics at Arizona State University's W. P. Carey School of Business (Department of Information Systems). He also runs 5marbles, an Agile software-development shop.

About

The Data Roundtable is a forum where data management experts share tips, tricks and practical advice on all sorts of topics, including SAS Data Management software. Get inspired by their views and expertise – from trendy to fun to thought-provoking. And don’t forget to check out our thought leadership content at SAS Data Management Insights.